The Grove Medical Centre has a legal duty to explain how we use any personal information we collect about you, as a registered patient, at the practice. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format.
In accordance with Article 5 of the GDPR, this practice will ensure that any personal data is:
- Processed lawfully, fairly and in a transparent manner in relation to the data subject
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
- Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Information We Collect
You are required to give some information to register at our Practice, such as your name, address, date of birth, gender, nationality, main spoken language, landline and mobile telephone number and email address. We also gather some information about your health at this point for us to start our care as soon as possible. We ask for any long term conditions you may have, allergies, smoking and alcohol data. Over the years we may gather information about people who help care for you and your legal representatives.
Your Medical Record
When we inform the NHS you are registering with us they will request your full and complete medical record from your previous practice. This will either come on paper by NHS Courier or electronically. We check either/both the electronic copy or the paper copy to make sure everything we need to know about your health is on our electronic record. We will then add to your medical record every time you contact or visit the surgery. Our clinicians will enter details of your appointments with them and of any referrals to other services. We receive letters from any other service involved in your care:
- Hospital specialities, Accident and Emergency and Out of ours or Walk in Centres
- Community Care providers e.g. Physiotherapy, Mental Health, District or Community Nurses, Macmillan Nurses,
- Social Care services
- Safeguarding for both Adults and Children
- Social Prescribers
Information We Receive From Your Use of On-line Services
We may ask you to sign up for our on line services. This allows you to order your medication on line or book and cancel appointments. We do not keep any details about your device but when you book or cancel appointments, or order a prescription that information is logged on your medical record.
Recorded Telephone Calls
Calls both into and out of the Practice are not recorded. Security at the Practice is monitored by CCTV. This is in line with the Governments Surveillance Camera Code of Practice 2013. Either could be accessed by the police if a request was made.
How We Use Information
Direct Personal Care
We use the information we record to provide you with direct health care. We also use it to plan and invite patients to special clinics and reviews for example a long term condition annual review, smoke stop and weight management clinics and flu clinics for those eligible. Information may be used within the practice for clinical Audit to monitor the service we provide.
Communicate with You
We use your information when needed to inform you about clinics and appointments and may contact you via post, telephone or SMS message. We will only contact you about your own personal health care and will never discuss anything with anyone other than you unless you have given you written consent for us to do so.
How Information Is Shared
For Your Direct Care
If we need to refer you to another health care provider for example a Hospital Specialist we will share some of your personal data with them to enable them to offer you appropriate direct care. We will share your name and address and telephone numbers, your current problems and medication. Details relating to the health problem you are being referred for and any allergies they should know about.
For the National Screening Programs
Some of your data is provided to Public Health England to make sure you are invited for all relevant national screening programs such as smears, breast and bowel cancer screening.
For National planning of Health and Social Care
Information from your medical record may be used to protect the health of the public and to help us manage the NHS. Some of this information will be held centrally and used for statistical purposes but where we do this we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested for research purposes but the surgery will always gain your consent before releasing this information.
In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, this practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health for example diabetes or high blood pressure.
Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.
With our Partner Organisations
Where it is in your interest to do so or when we are required to, we may also share your information, subject to strict agreements on how it will be used, with the following organisations:
- NHS Trusts, other GP’s and Local Authorities (including Social Care and Education Services) and Private Sector Providers
- Ambulance Trusts, Police Services, Fire and Rescue Services
- Clinical Commissioning Groups
- Other ‘data processors’ working on behalf of the NHS and Local Authorities
- Voluntary Sector Providers working on behalf of or with the NHS and Local Authorities
- Independent Contractors such as dentists, opticians, pharmacists
- Governmental Regulators.
For Legal Reasons or To Prevent Harm
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
We will only ever pass on information about you to others involved in your care if there is a genuine need for it. We work within the information sharing principles following Dame Fiona Caldicott's information sharing review where "The duty to share can be as important as the duty to protect patient confidentiality".
Your Rights To Access and Check Your Personal Data
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.
National data opt-out programme
The national data opt-out programme will give patients the opportunity to make an informed choice about whether they wish their confidential patient information to be used just for their individual care and treatment or also used for research and planning purposes. This programme will be live with effect from 25 May 2018.
Patients who wish to opt out of data collection will be able to set their national data opt-out choice online. An alternative provision will be made for those patients who are unable to do so or who do not want to use the online system.
Individuals who have opted out using the existing Type 2 opt-out will be automatically transferred to the new national data opt-out system and will be notified on an individual basis of the change.
Your GP Practice
We keep your account information, like your name, email address and password, for as long as you are registered at this practice. If you decide to register elsewhere your record will be passed to your new GP practice by a mixture of paper and electronic transfer.
Services provided by others
The NHS maintains your medical record from birth for the whole of your life.
- We are committed to protect your privacy and will only use your information lawfully in accordance with:
- Data Protection Act 2018 and General Data Protection Regulation 2018
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Code of Confidentiality, Information Security and Records Management
Changes to This Policy
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services.